Block range of IP Addresses

Discussion in 'General troubleshooting' started by zoinky, Aug 15, 2010.

  1. I am trying to block access to my site from all the chinese hackers,
    Their ip addresses are 124.115.x.xx..
    so I want to add a rule that will block anything that has 124.115.x.xx
    I thought i was doing this correctly by using the IIS manager, and adding a DENY rule for 124.115.0.0 with submask of 255.255.0.0 but apparently I was told this is wrong as this only adds one ip,

    I am not really sure what it should be so any help would be appreciated
     
  2. Ray

    Ray

    I'm not sure who told you this but what you are doing should be correct. If you go to your IIS 7 Manager, connect to our server, and go to "IPv4 Address and Domain Restrictions" and go to Deny Restrictions, you have an option to either pick a individual IP address or a rang. What you input should be correct where all IP address that start with the first two octets "124.115" will be blocked.
     
  3. 124.115.*.* is Korea, not China.

    But I have to tell you that you cannot block any "hackers" by IP. Well, I suppose you could, but you'd have to block thousands of IP ranges and thousands of proxies. When you were finished you would have successfully blocked the "hackers," but also half of the world.

    It would be a better use of your time to make sure your site is not exploitable using any common methods, such as SQL injection.

    You should also know that the most common form of site exploit doesn't happen through your web site, it happens through your computer. A virus drops a keylogger onto your computer and sends every keystroke you make to some bad guys somewhere. They parse all that text looking for likely username/password combinations, then log into your account(s) the same way you would.

    We see the keylogger exploits every day. We rarely see site based exploits.
     
  4. Well to elaborate a little further, what I am trying to do is prevent the said ip range from accessing the site not for security reasons but strictly for stats, my site is showing I get 300 unique visitors a day, most of which are of the said IP, so I am simply trying to prevent them so that my stats are more "accurate"


    with that said, I initially submitted a support ticket (Ticket Number 277-13F91A31-6928) I was adviced by your staff member to use IIS Manager and further I was told this is incorrect, also attached is the denyrule.jpg that was mentioned in the ticket.

    I am really confused, one of you guys is telling me I did it wrong, the other is saying i did it right, clearly its not working the way I have done it, so any help would be appreciated.

    here is the content of the ticket (read from bottom up)


    --------------------------------------------------
    8/15/2010 7:41 AM - Joseph J. (josephjwh)

    Subject: block ip
    Hello,

    The entry that you entered is for a specific IP address and not for an IP range.

    I'm afraid that I can't offer extended assistance for the IIS 7 Manager module that you're using since it's beyond the scope of support that I can provide but you're more than welcome to register, in case you haven't already and then post any questions that you may have in the Winhost Community Forum for peer support.

    Sincerely,

    Joseph J.
    Winhost
    8/14/2010 10:14 PM -

    Subject: block ip
    Attachments: denyrule.jpg
    I have added the "deny rule" but it doesnt seem to have worked
    attached is the screen shot of what rule i added, did i make a mistake or something?
    also i did recycle the application pool but still did not work
    8/14/2010 9:53 AM - Jose E. (jesparzawh)

    Subject: block ip
    Hello,

    You can actually block the IP by using IIS Manager, which gives you the functionality of blocking an IP you do not want viewing your site.

    You can read more about IIS Manager in our KB here: http://support.Winhost.com/KB/a628/using-the-microsoft-iis-70-manager.aspx

    For step by step instructions on how to do so, you can always visit the Winhost Forums [http://forum.Winhost.com/]

    Sincerely,

    Jose E.
    Winhost
    8/14/2010 2:11 AM -

    Subject: block ip
    I need to block all the incoming traffic from the following ip
    they are from china and messing with my site stats.
    thanks

    124.115.*

    according to the geography/map in stats that said IP is based in china not korea, but thats not important, imnportant part is I would like to some how prevent that IP range to get denied when request are made
     

    Attached Files:

    Last edited by a moderator: Oct 14, 2015
  5. Ray

    Ray

    Like said previously what you had before should work, not unless you are actually typing 124.115.x.x it should be 124.115.0.0 with sub net mask of 255.255.0.0
     
  6. Are you using SmarterStats (our default stats program)? You might be able to set up a filter to leave that IP out of your results. I haven't tried that, but it should work...
     
  7. well it wont even let you type the .x.x anyways since that is a invalid IP
    so i definitely did it right according to the attachment in the previous post which shows the screen shot of my current rule setup (it shows how its done in IIS manager)
    I would really appreciate it if someone could help me work this out,
    setting up filters would be too much, i simply want to be able to block IP's, even for the future.

    If you require IIS Manager credentials i can send them through a ticket (but i assume u would have access to these ), also i am using the default stats program you guys provide.


    thanks

    i emailed ticket to support again
    their response is below.
    Seriously is this the type of support you guys run when something as simple as blocking an IP becomes issue for your support?
    I mean you guys say post your problems on forum before going all insane about how your support is terrible, this is a perfect example of being bounced around,
    I want a simple answer, can you guys help me block range of ip's or should i look at another host.

    ----------------------------------------------------------------------------

    Hello,

    Please understand that we cannot guide you on this issue. You'll need to refer to the forum.

    Sincerely,

    Joe R.
    Winhost


    ________________________________
    From:=================
    Sent: Wed, 18 Aug 2010 20:20:47 -0700
    To: Winhost - Support
    Subject: block ip

    I need help with this,
    as said i posted on the forum and i am being told 2 different things by different people on your staff

    http://forum.Winhost.com/showthread.php?t=5098
     
    Last edited by a moderator: Oct 14, 2015
  8. Ray

    Ray

    I'm a little confused. In the first thread you stated you setup the Deny IP rule and you set it for a range, any IP address with 124.115.x.x should be blocked from pulling up your site. Who told you it is wrong? How do you know that IP addresses with 124.115.x.x is actually pulling up your site?
     
  9. please review details in Ticket Number 277-13F91A31-6928
    to sum it up
    initially i sent a ticket in to have the said IP range banned from accessing the site or even showing up in smarterstats
    >told by ur staff member(Jose E. (jesparzawh)) to download IIS Manager and add a deny rule, I did and it dit not work,
    >sent a ticket back to support saying id id it but doesnt work, and to review what i did to see if its correct
    >ticket support (Joseph J. (josephjwh)said this is incorrect because what i did will only ban ONE ip and not range and to seek support from the FORUM.
    >posted messages in forum (see above), staff on the FORUm said this is correct syntax,
    >went back to ticket support saying that staff on support is telling my syntax is correct, so i said how come it doesnt work and i need help getting this to work
    >ticket support (Joe R. (joeruizwh)) said they cant help me anymore and to seek help from the FORUM
    >sent a last ticket to support saying how can they not help me i already went to the forum and they are saying this is correct then your saying its not correct.
    >finally got a message from MUNDO through support saying he confirmed my web config and it does have the deny rule for the said ip and that this is indeed correct way of blocking access to a site

    HOWEVER, even most of you are saying this is correct, it is still not blocking those users from showing up in smarterstats, ultimately i want to just have this IP banished from all content of my site including stats
    below is what is in my web.config and as of few minutes ago, i still see visitors from said IP through stats

    ----
    <security>
    <ipSecurity>
    <add ipAddress="124.115.0.0" subnetMask="255.255.0.0" allowed="false" />
    </ipSecurity>
    </security>
     
  10. Ray

    Ray

    SmarterStats works in a higher level then your application. SmarterStats grabs the http logs from the server, the IP restriction you imposed is on the application level. You really cannot stop the IP address from initially requesting your web page. The IP address you have on you list will get some sort of 400 error when they try to pull up your site on their browser.
     
  11. The simple answer is: no we can't. Not via helpdesk.

    That's not a function of our support. We don't provide any specific configurations, troubleshoot code or otherwise touch our customer's stuff. There are a lot of reasons for that. That's why this forum is here.

    As Ray pointed out, even if you block an IP, that IP will be in the log. The request to the server is still there. And if it's in the log, SmarterStats is going to show it to you. The only way to keep the IP out of your logs would be to block it at the router, and you can't do that.

    I would suggest again that you look at filtering the IP out of the SmarterStats reports.
     

Share This Page